Rotating client

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ajithmurali

‎Dec 11, 2025 7:00 PM

Participant

As Detailed in https://community.hubspot.com/t5/APIs-Integrations/Need-to-Rotate-Client-Secret-for-Public-App/m-p/1...


I would llike to get support for rotating my client secret. Happy to provide details of APP ID in a DM to help reset this

Developer tools
0 Upvotes
2 Accepted solutions
SealaB
Solution
Community Manager

‎Dec 11, 2025 7:14 PM - edited ‎Dec 11, 2025 7:16 PM

Community Manager

Hey there, @ajithmurali
Here are some resources on the topic, just for information:

- Working with OAuth
- Update a secret

I've also sent over a DM - so please keep an eye out for this. Thanks!

Seala, Community Manager

Seala, Community Manager

View solution in original post

RubenBurdin
Solution

‎Dec 15, 2025 10:59 AM

Guide

Hi @ajithmurali , glad to see this moving quickly with the Community team.

Just to add a bit of context for anyone else reading: for public apps, client secret rotation isn’t something you can fully self-serve at any time the way you can with private apps. In most cases, HubSpot expects rotation to be coordinated, especially if the app is already installed in multiple portals, to avoid breaking OAuth flows unexpectedly.

 

The correct path is exactly what’s happening here:

  • Reach out via the Community or Support.

  • Share the App ID privately.

  • HubSpot can assist with generating or resetting the client secret and advising on rollout timing so existing installations keep working.

The docs Seala linked are the right reference points for understanding the OAuth flow and how secrets are handled, but the actual reset often requires human intervention once the app is live. If you’re planning a rotation as part of a security policy, it’s also worth making sure your app supports running with the old and new secrets during a transition window. Sounds like you’re on the right track now.

Did my answer help? Please mark it as a solution to help others find it too.

Ruben Burdin Ruben Burdin
HubSpot Advisor
Founder @ Stacksync
Real-Time Data Sync between any CRM and Database
Stacksync Banner

View solution in original post

0 Upvotes
4 Replies 4
RubenBurdin
Solution

‎Dec 15, 2025 10:59 AM

Guide

Hi @ajithmurali , glad to see this moving quickly with the Community team.

Just to add a bit of context for anyone else reading: for public apps, client secret rotation isn’t something you can fully self-serve at any time the way you can with private apps. In most cases, HubSpot expects rotation to be coordinated, especially if the app is already installed in multiple portals, to avoid breaking OAuth flows unexpectedly.

 

The correct path is exactly what’s happening here:

  • Reach out via the Community or Support.

  • Share the App ID privately.

  • HubSpot can assist with generating or resetting the client secret and advising on rollout timing so existing installations keep working.

The docs Seala linked are the right reference points for understanding the OAuth flow and how secrets are handled, but the actual reset often requires human intervention once the app is live. If you’re planning a rotation as part of a security policy, it’s also worth making sure your app supports running with the old and new secrets during a transition window. Sounds like you’re on the right track now.

Did my answer help? Please mark it as a solution to help others find it too.

Ruben Burdin Ruben Burdin
HubSpot Advisor
Founder @ Stacksync
Real-Time Data Sync between any CRM and Database
Stacksync Banner
0 Upvotes
ajithmurali

‎Dec 11, 2025 7:31 PM

Participant

Appreciate the fast response and addtiional information in the DM.

0 Upvotes
SealaB
Community Manager

‎Dec 11, 2025 7:36 PM

Community Manager

@ajithmurali - My pleasure, hope this helps! Let us know how you manage from here. 🙂

Seala, Community Manager
0 Upvotes
SealaB
Solution
Community Manager

‎Dec 11, 2025 7:14 PM - edited ‎Dec 11, 2025 7:16 PM

Community Manager

Hey there, @ajithmurali
Here are some resources on the topic, just for information:

- Working with OAuth
- Update a secret

I've also sent over a DM - so please keep an eye out for this. Thanks!

Seala, Community Manager

Seala, Community Manager
Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
Rotating client
Hi @ajithmurali , glad to see this moving quickly with the Community team. Just to add a bit of context for anyone else reading: for public apps, client secret rotation isn’t something you can...
Hi @ajithmurali , glad to see this moving quickly with the Community team. Just to add a bit of context for anyone else reading: for public apps, client secret rotation isn’t something you can...
Developers
Dec 15, 2025